38 Answers
38

Ahem.
Depending on what this password is to be used for, I would recommend a technique recommended even by crypto-great Bruce Schneier:

Write it down.

That's right - get yourself a REEAAAHEEELLYYY complex random password that you cannot remember, and WRITE IT DOWN.
Of course, write it someplace safe, not attached to the outside of your laptop that the password is being used for.

+1 Agreed. Anything that can be attacked millions of times offline needs a ridiculous password, but attacks that can be spotted before thousands of attempts don't need as strong passwords.
–
rox0r Feb 9 '11 at 3:51

1

and this is precisely what software like 1Password, KeePass and LastPass aim to achieve. Thumbs up.
–
Kaushik Gopal Feb 9 '12 at 10:56

1

If you write it on a piece of paper, also make sure it's the only piece of paper placed on a hard surface. Or, use a soft tip pen. Just a thought... I swear it's not me in my family that watches Murder She Wrote! Honestly!! :)
–
TildalWave Apr 11 '13 at 4:04

Where do you use it? A system where you have to log in often? IMHO most users don't want to enter a 42-character phrase. ;-)
–
qbi Nov 22 '10 at 14:53

5

If they can touch type it really isn't that difficult. The biggest problem is that most systems place absurd restrictions on length or they won't accept spaces.
–
sdanelson Dec 3 '10 at 15:19

2

Isn't that less safe than using a password? Assuming you use small and capital letters and 8 characters you have 52^8 combinations, compared to the ~2000 words we use in common speech raised to the power of 4/5?
–
Dave Feb 11 '11 at 0:44

7

Actually, 52^8 yields 53,459,728,531,456, while 2000^5 yields 32,000,000,000,000,000. That's 3 orders of magnitude bigger for a "sentence" of only 5 words. Plus, most of us while we commonly only use 2000 words, have a vocabulary much bigger. Plus the sentence in the original post uses 9 words, one of which isn't even a word one would be able to see in the dictionary.
–
Kibbee Sep 19 '11 at 1:18

1

Some passwords are truncated: no matter how long your password is, the password is truncated before it is used for authentication. Linux and UNIX user passwords have been guilty of this; other passwords are probably guilty of this as well.
–
Mei Jan 26 '12 at 19:58

I like to use the Shift your fingers method. Take an easy passphrase like 'stackoverflow', move your fingers 1 character to the right as you type and you get 'dysvlpbtg;pe' which is a lot harder to guess or crack.

Although this works fairly well, it's best to add a few other twists to this like a memorable number and some special characters to make it a really strong password.

'dysvlpbtg;pe!1234$'

Using this method it's easy to have a different and very good password for each site you use but for it to still be re-memorable.

UPDATE:

@Larry & @AviD point out that if this method becomes more common it becomes more likely to be taken into account by cracking dictionaries and other attack methods.

Obviously there is a balance between the re-memorable and the super secure. Depending on the usage applying some of these techniques would help make this method stronger.

Shift differently - don't just shift 1 character to the right. Go a different way and / or shift by a different number of characters. Using "stackoverflow" as an example passphrase again, shift down you get "xgz ,l dfv.ls", shift by 2 characters right you get "fudb;[ntyh'[r". This starts to improve the technique but obviously this can be adopted by attackers as well.

Suffix and Prefix - Add a suffix and prefix into the mix, "@@stackoverflow$$" adds a load of other possibilities into the mix.

Be different - There are a lot of different methods suggested as answers to this question. Probably the best answer to the question is to use a bit from each of them and make a method your own. In that way you will always remember it and if it's unique to everyone else, it means it does not become weak as everyone else isn't doing the same thing.

Note that if this becomes common, it is easy to adapt dictionary attacks to this technique.
–
Larry Osterman Nov 22 '10 at 3:08

3

Also there are already some techniques that take keyboard placement into account.
–
AviD♦ Nov 22 '10 at 6:05

3

You should take into account that different keyboard layouts exist.
–
Mnementh Dec 19 '10 at 17:45

3

the problem with this method, once you forget was it "add @@ in the front, $$ in the back, shift 1 to the left and 2 down with wrap" or "add ## to the back, 12 at the front, shift 2 to the right with wrap and 1 down without wrap" you have a problem :) And sometimes you need passwords to places you last visited 4 years ago...
–
StasM Dec 31 '10 at 23:59

Length is NOT the most important attribute, f.e. "aaaaaaaaaaaaaaaaaaaaaa" will be hacked faster than "@#^(F3", and is harder to type in correctly without messing up the length. Quick, without looking: how many a's were there?
–
AviD♦ Nov 22 '10 at 13:31

9

I disagree. If I wrote a program to find the password using brute force, I would check the shorter password much sooner than the longer password. I might be able to crack a six letter password within a day. The 22-letter a-password would take years, if not decades, using brute force. Also, I did say the MOST important, not the only attribute. Do you discourage using Diceware?
–
Roger C S Wernersson Nov 24 '10 at 6:57

When it comes to length vs complexity, one is not better than the other. There are trade offs. You need a degree of complexity with a fair length.
–
Steve Nov 25 '10 at 20:32

3

@Roger, there is a difference between brute-force and dictionary attacks. Obviously, bruteforcing the shorter one will be quicker than the longer - but a dictionary attack would work on the longer, whereas you would be forced to bruteforce the entire pass-space for the shorter. Wrt entropy, that only applies if it is a random password that uses the entire space - simple passwords are much easier broken without regard to entropy or length.
–
AviD♦ Dec 5 '10 at 21:29

It is pretty easy to add many of the most common ones here to a password dictionary: the number of well-liked songs out there is pretty small (compared to the number of words with even 9 letters, e.g.). Also, first letters of words have less entropy than even letters in general. It helps to make the modifications, but people tend to make the same sorts of changes (a to @, t to T, etc) so that doesn't take you to a whole new level. I much prefer the methods that more randomly connect big sources of entropy. Combining this with the place you first heard the song might be better.
–
nealmcb Nov 29 '10 at 5:36

1

@nealmcb good point. I thought this was a clever method of coming up with passwords. I'm not really sure that I agree that the number of 'popular' songs is so small; what defines 'popular'? I would agree that Elvis's songs are among the most popular, but you can pick a song that is less mainstream-popular, yet has special meaning to you. You also don't have to pick a line from the chorus; you can pick a line from a verse.
–
pkaeding Nov 29 '10 at 17:13

3

@josh: There were only 933 songs to top the Billboard charts between 1955 and 2003 ("Fred Bronson's Billboard Book of Number 1 Hits, 5th Edition"). Multiply by perhaps 20 for # lines. There are of course many popular songs that never hit #1, and many genres, etc, but all told I think the number of songs likely to be used for the scheme presented here is very small compared to what you want to work from for a password. The presented scheme does not include your suggestion to remove first and last words (only sometimes, I assume), and even that only multiplies the number of entries by 4.
–
nealmcb May 22 '11 at 19:09

1

More importantly, any scheme that asks for something "I like" will likely lead most people to pick from a very skewed distribution of popular things, which makes dictionary attacks much more practical. Instead, password schemes need good independent sources of entropy.
–
nealmcb May 22 '11 at 19:13

The only problem with this method is if you apply it across multiple sites you may run into sites that limit your password to fewer characters than your sentence, and then you will have to remember multiple sentences.
–
joshuahedlund Nov 29 '11 at 17:17

I think the key is to combine at least two seemingly unrelated pretty big sources of entropy. E.g. part of one medium-sized word combined with letters from the beginning of an idiosyncratic phrase, with some mixed case and numbers/symbols thrown in the middle. Do it in a way that you can make an odd and memorable story about it all, and make sure it is long enough, depending on how important it all is to you. Practice it for a while, and put some subtle hints about the story in a relatively private file.

For passwords, I use the following: two letters, then two digits, then two letters, then two digits. Letters are lowercase. Letters and digits are generated randomly.

It turns out that the resulting passwords are easy to remember (at least, easy for me; your brain might not be wired the same way as mine).

A good point of such passwords is that it is easy to compute their entropy: there are 26<sup>4</sup>×10<sup>4</sup> possible passwords with this format, all with the same probability, thus an entropy of about 32.09 bits (a given password has probability 1/2<sup>32.09</sup> to be selected). 32 bits of entropy are not good for all usages, but they are good enough for most, including every usage where attacks are online. An online attack is one where the attacker must make a request to an "honest" system for each guess; e.g. an SSH server. Offline attacks (where the attacker can check a guess "alone", limited only by his computing power) are more scary and would require a stronger password.

Remember that knowing how much security you have is at least as important as having such security.

Bonus: here is the C program I use to generate those passwords (compiles under Linux and FreeBSD, should work on other Unix-like systems):

@Andrew: yes, absolutely. There are 2<sup>32.09</sup> possible passwords. This is too small for comfort, assuming that the attacker can "verify" a guess on his own computers (that's an "offline" attack). A good protocol will not allow that (in Unix terminology: /etc/shadow is not freely readable).
–
Thomas Pornin Feb 14 '11 at 13:31

2

If you hash the password with a single MD5 invocation then your weakness is to use a single MD5 invocation. An adequate password storage function invokes the hash function millions of times, multiplying the attack cost by that many. What should be deleted is your suggestion of using plain MD5 for hashing; that's terrible advice. A proper password hashing technique is bcrypt: en.wikipedia.org/wiki/Bcrypt
–
Thomas Pornin Aug 13 '11 at 16:15
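The entropy figures in the answer above, and in the earlier comments comparing 52^8 with 2000^5, can be reproduced with a short script. This is an added example, not the C program the answer refers to and not code from any poster; the pattern string, the function names and the two guess rates are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Pattern symbols (naming is an assumption): 'l' = lowercase letter, 'd' = digit.
ALPHABETS = {"l": string.ascii_lowercase, "d": string.digits}


def generate(pattern="llddlldd"):
    """Draw every position independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABETS[sym]) for sym in pattern)


def pattern_space(pattern="llddlldd"):
    """Number of equally likely passwords the pattern can produce."""
    return math.prod(len(ALPHABETS[sym]) for sym in pattern)


def bits(space):
    """Entropy in bits of a uniform choice among `space` possibilities."""
    return math.log2(space)


def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second


# Assumed guess rates, for illustration only (not taken from the page).
ONLINE_RATE = 10      # guesses/s against a login service that answers each try
OFFLINE_RATE = 1e10   # guesses/s against a leaked, fast, unsalted hash

# The bit counts hold only when every choice is made uniformly at random.
SCHEMES = {
    "llddlldd pattern": pattern_space(),
    "8 mixed-case letters": 52 ** 8,
    "5 words out of 2000": 2000 ** 5,
}

YEAR = 365.25 * 24 * 3600


def report():
    """Return (name, bits, online years, offline seconds) for each scheme."""
    return [
        (name,
         round(bits(space), 2),
         seconds_to_exhaust(space, ONLINE_RATE) / YEAR,
         seconds_to_exhaust(space, OFFLINE_RATE))
        for name, space in SCHEMES.items()
    ]


if __name__ == "__main__":
    print("sample password:", generate())
    for name, b, online_years, offline_seconds in report():
        print(f"{name:22} {b:6.2f} bits  "
              f"online {online_years:14.1f} y  offline {offline_seconds:14.1f} s")
```

At the assumed rates the 32-bit pattern takes years to exhaust online but under a second offline, which is the distinction the answer draws.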

I use a passphrase and random generator for that phrase (substitution cipher). I regenerate my key card monthly and keep a copy with me. I find the pseudorandom nature of it creates for strong passwords in a quasi-2 factor authentication. Something I have is my key card, something I know is my key phrase. As a sample, I wrote a short app to build them here:

For example: my bank password could be "banking" and it would generate a very strong password for me, it would be easy to change, and my password would always be banking.

Choose a word you would remember and that is long enough - let's say it's porcupine.

Choose a number you would remember - don't use your birth year, month and day, nor those of your relatives, etc.! - let's say it's 28.

When you need a password for site security.stackexchange.com - make it 28-porcupine+S.S.C

This password is rememberable, since you only need to remember 1 word and 1 number for all sites you visit, and can recover password for any site without any effort. Of course, you can change algorithm, but the idea is to use combination f(n, w, s) where n and w are fixed and s is generated from the site name.

If one of those sites is malicious, they can see your generated password, and can guess your algorithm easily, allowing them to login for you in every other such "medium-security site".
–
Paŭlo Ebermann Aug 11 '11 at 11:56

Unfortunately, many systems place silly restrictions on passwords, so the same method of generating "rememberable" passwords will not always work for me.

Most often I don't need to remember that many passwords. I write the important ones down in keepass or a PGP-encrypted text file, or both.

However, most ones that I chose for my unix systems are based on lines from songs or just silly phrases or expressions, where I let each word become a character, with case varied depending on the stress or intonation of the word, or what words have more "meaning" in the phrase. Good idea to suffix or prefix some representation of the system/site name as well.

About password length: on web sites I always choose passwords of more than 8 characters. My reasoning being that many "clueless" systems designers store just an MD5 hash of the user's password without any salt. Web sites do get hacked, and even if I use different passwords everywhere, I still don't want a script kiddie to do a lookup in a pregenerated hash-to-plaintext table and find my "random" password there.

A password hint should just be something that reminds you what your password is without exposing the actual password. Which means it should be something you would understand, but that a stranger would not be able to figure out.

If you use a base password but sometimes you use all lowercase or sometimes special characters then you could use a hint that just explains that (i.e. hint is "all lowercase").

Or use LastPass, it is my favorite password keeping tool that I use for almost everything.

To avoid Rainbow Table attacks, length is key. It is not uncommon when carrying out exploitation to grab the SAM file or /etc/passwd and run a crack on the hashes. In the past I often used John the Ripper for a few days to see which hashes could be brute forced. These days I would quickly pop the hashes against a rainbow table and would have 95% of all the passwords under 9 characters (and if I wanted to check for 10 chars I could download the table for that length too - it just starts to get very big...)

For my login passwords, I use software (pwsafe or KeePass, depending on where I am) to generate an ugly password of whatever length I need (9 characters?). Then I write it down on something that goes in my wallet. After a few days of using it I remember it well enough and I shred the paper. The backup there is keeping it in one of those programs that's on a different machine than the password is for :)

For everything else, software does that for me. Having a program remember your passwords is so much better than doing it yourself, I don't quite understand why people resist it.

I've recently been looking at Off The Grid by Steve Gibson. It's a paper based encryption which can encrypt a domain name (or any text really) and provide a password to use. There's plenty of information on the site about it.

The basics of it are that you take a 26x26 table of characters. This table follows rules similar to Sudoku (only one of each character in each row and column). This starts it off with a lot of entropy (1400 bits minimum). The basics of how to use it are fairly easy (I won't bother re-typing it all out again). The biggest risk for it is if someone physically steals your grid. Even then there are a few steps you can take to slow them down (should be easily long enough to realize someone has stolen it). These methods include:

Choosing a different starting location

Salting (You can do this by pre-pending/appending something when performing the encryption)

When performing the encryption (read the appropriate page), instead of choosing the next two characters, choose perhaps the next three characters, one across one up, two down one left, etc.

I'm not using it myself, but I don't have much difficulty remembering 20 random characters which I use in combination with Passpack (online password manager)

One methodology I've heard of is to pick a page of a book and use the first letter of each word on a line. If you combine the capitalisation of the words and the odd number you can get a strong password that isn't easy to guess - all you have to do is remember the book and line!

Depending on what I need it for, I'll calculate an MD5 or SHA1 on some random file and run over that a few times. That's rather weak though, in that it only contains 16 characters.

If I need something stronger, I'll type three or four characters into a Tripcode searcher and see what it throws back at me. Stick two of those together and run them over a few times, and you've got a pretty secure password in that it's really quite random.

I use the perl module Crypt::RandPasswd, which can create pronounceable phrases surrounded by misc. specials and numerics. I find that the pronunciation rules limit the keyspace, but they make the mental part much easier. Even if I have to look up a password, I can remember it long enough to type correctly first time.

What about a password with a rotating key, based on what you are doing? Example:
My core password is P4$$w3rdthati$h4rd (yeah, that's really what I use)

I want to use it for GMail. I start with P4$$w3rdthati$h4rd and add gm to the end (P4$$w3rdthati$h4rdgm). This way I only have to remember two or three letters based on what I'm doing, as my password is relatively consistent across services (public and private). I may use a tail ending (suffix) modifier for internet stuff, and a beginning modifier (prefix) for private stuff. Or insert it in the middle.

I'm open to flames if you feel this is bad practice, but I've never run into someone guessing my passwords, and I've never needed to write them down.

The real problem would be if you use this scheme to sign up to a site that doesn't encrypt/hash your password. Either the site itself, or that site's attacker, could read your password - and it would be pretty trivial to figure out your scheme based on this, and then use that for a different site. Though it's a fair risk, I do something similar... :)
–
AviD♦ Nov 21 '10 at 14:43

1

I think this is the best answer without making the psw too long.
–
Diego Nov 23 '10 at 11:15

I find a totally random, complex string of characters by randomly hitting keys on my keyboard in a pattern my fingers are comfortable with and can do very quickly. Techniques I use to do this are:

alternate successive keys between hands for speed or use small groups of keys (2 or 3) next to each other on the keyboard, alternating the groups between each hand to make up the full password. It is hard to type an entire password quickly with just one hand

literally make the keys random and not spell anything or even a variant of something

when you change passwords, change your finger pattern significantly enough to hit totally different keys and key patterns (and not the same pattern shifted 1 or 2 keys in any direction)

After I have my random password, I practice typing the new password a few times to get my muscle memory to retain the key pattern. After my password is set, I log into a few systems in a row to further retain the key pattern.

In the end, you will have a totally random password that is difficult for you to forget because you aren't even remembering a string of characters, just a pattern your fingers take on the keyboard that doesn't mean anything at all to anyone, even you. Sometimes when I accidentally type my password in a clear text field (everyone has done this at some point...) it looks totally foreign to me because I don't think of the string, just the pattern I am hitting on the keyboard.

This method also doesn't translate to similar passwords and patterns among different users because everybody types differently. What is easy and fast for one person to type may be more difficult for another.

Typing "randomly" rarely creates random characters. There will usually be some identifiable structure and therefore weakness, e.g., leftside chars then rightside chars, diphthongs, adjacent character groups. Instead use a program to create a random string, and then practice that to commit to haptic (muscle) memory.
–
Andy Lee Robinson Aug 13 '11 at 8:38